Allowing traffic to tunnel through ISA

We've been using Checkpoint until now, but are trying to implement an
ISA server as a replacement. One thing we are having trouble with is
Tunnelling.

We have an Internal VPN server that communicates with other servers
around the world using port 3265.

Traffic between these servers is encrypted, and previously, all we
needed to do was add a Checkpoint rule saying

Source: Any
Destination: IP of VPN Server
Port: 3265
Action: Accept

This would allow all such traffic to go to the VPN Server, and only that
server.

The two VPN servers would handle the entire communication process
between them, authentication, encryption/decryption, etc.

We did the same thing with cc:Mail Router over TCP/IP, which uses (IIRC)
port 3264.

With ISA 2004 we keep getting Denied Connection. It doesn't seem to want
to allow traffic through uninspected.

Has anybody else got non-standard application and port requirements, and
if so, have you found a solution?

Cheers,

Kevin L.
Bahrain Petroleum Company



Other related posts: